Even with this version of Chromium added to 1Password's trusted browsers, the extension won't auto unlock. Why?

[claudiodekker]

Answer: Because 1Password is very dishonest about their actual browser support, to put it mildly.

They claim that "it should be up to you to decide which vendors and applications you trust to connect to 1Password and access your data", and repeatedly mention you can add additional trusted browsers in 1Password for Mac as long as they’re code signed by Apple.

Furthermore, they state that "Browsers which are based on Chromium should be able to use the Chrome extension", but as we're able to observe, this clearly isn't the case.

Taking a closer look at their own log files, we can see that the reason for this is due to the fact that 1Password is creating NativeMessagingHosts files for a hardcoded list of browsers:

INFO  2023-12-18T17:52:01.587 ThreadId(12) [1P:ssh/op-ssh-config/src/lib.rs:309] agent not configured
INFO  2023-12-18T17:52:01.589 ThreadId(12) [1P:native-messaging/op-native-core-integration/src/lib.rs:568] Enabling BrowserHelper with bundle id: 2BUA8C4S2C.com.1password.browser-helper
INFO  2023-12-18T17:52:01.595 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-native-core-integration/src/lib.rs:329] Starting IPC listener on 2BUA8C4S2C.com.1password.browser-helper
INFO  2023-12-18T17:52:01.595 tokio-runtime-worker(ThreadId(8)) [1P:op-ipc/src/ipc/xpc.rs:77] XPC starting connection
INFO  2023-12-18T17:52:01.596 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome/NativeMessagingHosts/com.1password.1password.json
INFO  2023-12-18T17:52:01.596 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Beta/NativeMessagingHosts/com.1password.1password.json
INFO  2023-12-18T17:52:01.596 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Canary/NativeMessagingHosts/com.1password.1password.json
INFO  2023-12-18T17:52:01.597 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Dev/NativeMessagingHosts/com.1password.1password.json
INFO  2023-12-18T17:52:01.597 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge/NativeMessagingHosts/com.1password.1password.json
INFO  2023-12-18T17:52:01.597 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Beta/NativeMessagingHosts/com.1password.1password.json
INFO  2023-12-18T17:52:01.597 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Canary/NativeMessagingHosts/com.1password.1password.json
INFO  2023-12-18T17:52:01.598 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Dev/NativeMessagingHosts/com.1password.1password.json
INFO  2023-12-18T17:52:01.598 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Vivaldi/NativeMessagingHosts/com.1password.1password.json
INFO  2023-12-18T17:52:01.598 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Arc/User Data/NativeMessagingHosts/com.1password.1password.json
INFO  2023-12-18T17:52:01.598 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Mozilla/NativeMessagingHosts/com.1password.1password.json
INFO  2023-12-18T17:52:01.598 tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:83] Successfully installed all native messaging manifests.

One could initially argue this is based on detection of what browsers are installed, but it even installs manifests files (and creates folders) for browsers you've never ever installed. Go ahead and check.

Fortunately however, this also means that in order to "fix" it for Chromium, all you'll have to do is create a 1Password NativeMessagingHost manifest file for it. The easiest way to do so is to simply copy Chrome's:

mkdir -p ~/Library/Application\ Support/Chromium/NativeMessagingHosts/
cp ~/Library/Application\ Support/Google/Chrome/NativeMessagingHosts/com.1password.1password.json ~/Library/Application\ Support/Chromium/NativeMessagingHosts/com.1password.1password.json

[danilokleber]

Hey there. Thanks for the signed builds!

I was wondering if this would make the sync work in 1Password 7. Yeah, I will use that version as long as possible as I don't like their new approach towards Electron based apps.

Currently I'm at:

Sorry if this is not applicable to this issue/repo.

[claudiodekker]

Yeah, I totally agree with you on the Electron part; I'm also not a fan.

I just found the 1Password forum thread where I was trying to figure out the same thing back in the day for 1Password 8:
https://1password.community/discussion/comment/619512/#Comment_619512

[...] EDIT: Could it be that the extension is failing to communicate in Chromium for a similar reason that the 1Password 7 extension failed in Chromium, because it was looking for / expecting a (hardcoded) path to Chrome's installation? I remember that with that version of the extension, 'creating' the path even if Chrome itself wasn't installed would magically make it work in Chromium as well.

EDIT 2: Found the 'path' workaround mentioned in my previous edit ( mkdir -p ~/Library/Application\ Support/Google/Chrome ), but even with that the problem still persists.

While that did lead me to a dead-end for 1Password 8 due to Chromium not being a code signed browser (ha, look at us now!), the fix of re-creating Google Chrome's Application Support folder path did magically fix the integration for 1Password 7.

Hope this helps, and that the fix still works!

[danilokleber]

Thanks for the help! I had to change the NativeMessagingHost manifest filename to include the 7 as I'm using that version. The app and the extension could then communicate but this gets shown:

Could it be that I was using the not signed ungoogled-chromium version and 1Password didn't pick up the change for the signed version? I'll try a restart just in case. Or maybe do a clean install?

EDIT: No luck with a restart. I don't know about the clean install. That's what I see in the logs:

[claudiodekker]

Yeah, so, according to those logs, it's still not able to find the NativeMessagingHosts file. Are you sure you placed it in Google Chrome's folder and not Chromium's?

Alternatively, do you have a place I can find the classic extension? It seems to have been removed from 1Password's website.

I'd love to go in-depth on this and see whether my fix still works, or whether it's broken, and if it is whether it's fixable, because according to 1Password 7's recent changelogs, it could be that some internal security certificate expired and that that's why the 1Password 7 extensions are no longer working.

[danilokleber]

Are you sure you placed it in Google Chrome's folder and not Chromium's?

I don't use Chrome anymore but its folder is still present in ~/Library/Application\ Support/. So I did:

mkdir -p ~/Library/Application\ Support/Chromium/NativeMessagingHosts/
cp ~/Library/Application\ Support/Google/Chrome/NativeMessagingHosts/com.1password.1password7.json ~/Library/Application\ Support/Chromium/NativeMessagingHosts/com.1password.1password7.json

Isn't that right? And the manifest looks like this (the extension I'm using is the first allowed origin):

{
  "path": "/Applications/1Password 7.app/Contents/Library/LoginItems/1Password Extension Helper.app/Contents/MacOS/1PasswordSLSNativeMessageHost",
  "type": "stdio",
  "allowed_origins": [
    "chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/",
    "chrome-extension://khgocmkkpikpnmmkgmdnfckapcdkgfaf/",
    "chrome-extension://hjlinigoblmkhjejkmbegnoaljkphmgo/"
  ],
  "name": "com.1password.1password7",
  "description": "1Password Extension"
}

Alternatively, do you have a place I can find the classic extension? It seems to have been removed from 1Password's website.

I'm not using the classic extension. It's the new one, with the Electron look. The one found at the regular Web Store.

Thanks for the continued help.

[claudiodekker]

Yeah, that should be right.

Honestly, I'm not sure, perhaps they broke it? It definitely used to work as I described above (1Passsword 7 + Chromium) a few years ago. I've just tried to install 1Password 7, and even in combination with Google Chrome itself it doesn't work on my end:

But this could just be me messing with things too much, because after reverting back to "how I had it", it also started complaining about the extension helper not running etc. etc. with 1Password 8, and only after a full OS restart that worked again.

In either case, all I can do is recommend to look at the log files, and see what they're reporting.
One of them should definitely contain references to the browser extension / "Chrome":

• ~/Library/Containers/com.agilebits.onepassword7/Data/Library/Logs/1Password
• ~/Library/Containers/2BUA8C4S2C.com.agilebits.onepassword7-helper/Data/Library/Logs/1Password

Good luck! And I'm sorry I wasn't able to get closer to what's happening, especially since things worked before.